hillcrestpress.weprnt4u.com
198.235.134.66
Malicious Activity!
Public Scan
Submission Tags: @ipnigh
Submission: On July 04 via api from GB
Summary
TLS certificate: Issued by Let's Encrypt Authority X3 on May 17th 2019. Valid for: 3 months.
This is the only time hillcrestpress.weprnt4u.com was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: BNZ Bank (Banking)
Domain & IP information
Requests | IP Address | AS Autonomous System
---|---|---
2 | 198.235.134.66 | 54611 (ITSYOURIT - Intelligent Technology Solutions)
4 | 34.199.225.6 | 14618 (AMAZON-AES - Amazon.com)
5 | 45.60.78.175 | 19551 (INCAPSULA - Incapsula Inc)
11 | 3 |

ASN54611 (ITSYOURIT - Intelligent Technology Solutions, Inc., US)
PTR: web01.remly.com
hillcrestpress.weprnt4u.com
ASN14618 (AMAZON-AES - Amazon.com, Inc., US)
PTR: ec2-34-199-225-6.compute-1.amazonaws.com
execution-use.ci360.sas.com
Requests | Apex Domain | Subdomains | Transfer
---|---|---|---
5 | bnz.co.nz | www.bnz.co.nz, m.bnz.co.nz | 42 KB
4 | sas.com | execution-use.ci360.sas.com | 74 KB
2 | weprnt4u.com | hillcrestpress.weprnt4u.com | 38 KB
11 | 3 | |
Requests | Domain | Requested by
---|---|---
4 | www.bnz.co.nz | hillcrestpress.weprnt4u.com
4 | execution-use.ci360.sas.com | hillcrestpress.weprnt4u.com
2 | hillcrestpress.weprnt4u.com | hillcrestpress.weprnt4u.com
1 | m.bnz.co.nz | hillcrestpress.weprnt4u.com
11 | 4 |
This site contains links to these domains. Also see Links.
Domain
---
www.bnz.co.nz
Subject | Issuer | Validity | Valid |
---|---|---|---|---
hillcrestpress.com | Let's Encrypt Authority X3 | 2019-05-17 - 2019-08-15 | 3 months | crt.sh
*.ci360.sas.com | DigiCert SHA2 Secure Server CA | 2019-04-23 - 2021-07-22 | 2 years | crt.sh
www.bnz.co.nz | Entrust Certification Authority - L1M | 2019-04-11 - 2020-05-05 | a year | crt.sh
This page contains 1 frame:
Primary Page:
https://hillcrestpress.weprnt4u.com/bn/bnz/home/index.htm
Frame ID: 8757EAE0C50CFEF720F85407D870BCD2
Requests: 11 HTTP requests in this frame
3 Outgoing links
These are links going to different origins than the main page.
Title:
Title: Register
Title: Forgot password?
Redirected requests
There were HTTP redirect chains for the following requests:
11 HTTP transactions
Method | Protocol | Resource | Path | Size | x-fer | Type | MIME-Type
---|---|---|---|---|---|---|---
GET | H/1.1 | index.htm (Primary Request) | hillcrestpress.weprnt4u.com/bn/bnz/home/ | 37 KB | 38 KB | Document | text/html
GET | H/1.1 | ot-min.js | execution-use.ci360.sas.com/js/ | 226 KB | 62 KB | Script | application/javascript
GET | H/1.1 | 1538081719195 | execution-use.ci360.sas.com/t/s/c/c0b52ff90d000139628464bd/ | 36 KB | 7 KB | Script | application/javascript
GET | H/1.1 | c0b52ff90d000139628464bd | execution-use.ci360.sas.com/t/s/p/ | 87 B | 472 B | Script | application/javascript
GET | H2 | serrano.css | www.bnz.co.nz/serrano/ | 2 KB | 895 B | Stylesheet | text/css
GET | H2 | logout.png | m.bnz.co.nz/pa/oidc/ | 70 B | 578 B | Image | image/png
GET | H2 | logout.png | www.bnz.co.nz/pa/oidc/ | 70 B | 651 B | Image | image/png
GET | H/1.1 | c0b52ff90d000139628464bd | execution-use.ci360.sas.com/t/s/s/ | 11 KB | 5 KB | Script | application/javascript
GET | H/1.1 | main.a88c18e8.js | hillcrestpress.weprnt4u.com/auth/static/js/ | 0 | 0 | Script | text/html
GET | H2 | SerranoWeb-Bold.woff2 | www.bnz.co.nz/serrano/fonts/ | 21 KB | 21 KB | Font | application/font-woff2
GET | H2 | SerranoWeb-Regular.woff2 | www.bnz.co.nz/serrano/fonts/ | 19 KB | 19 KB | Font | application/font-woff2
Verdicts & Comments
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: BNZ Bank (Banking)
27 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
Type | Name
---|---
object | onselectstart
object | onselectionchange
function | queueMicrotask
boolean | isUnsupportedBrowser
object | OLA_DOMAINS
function | C3MM
object | com_sas_ci_acs
string | expires
function | e9xx
function | N9xx
object | c3
object | Hashcode
object | GeneralBase64
object | Base64
object | spotMap
object | dataTagToEventMap
function | windowFocused
function | windowBlured
function | LocalQueue
object | CryptoJS
function | getDecisionParams
function | extractValue
function | handleInjectResponse
function | loadDoc
function | overridePrototypes
function | onYouTubeIframeAPIReady
function | onYouTubePlayerReady
0 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.